[ previous ] [ next ] [ threads ]
 From:  "Camenzind Patrick (KSTE 11)" <patrick dot camenzind at credit dash suisse dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Preliminary release 1.3b13-pre (-> DNS insecurity panic)
 Date:  Thu, 10 Jul 2008 09:53:13 +0200

When will the issue in FAQ 15.8 ("Why can't hosts on a NATed interface
talk to hosts on a bridged interface?") be fixed? Is there a workaround
for that layout (DMZ bridged to WAN and a NATed LAN)? DHCP-forward? I'd
really like to keep my servers on individual public IP addresses (given
by the DHCP of the ISP)... And still have NAT for the workstations in
LAN zone. 

Any help or update to this is very much appreciated!



-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net] 
Sent: Mittwoch, 9. Juli 2008 23:32
To: m0n0wall
Subject: [m0n0wall] Preliminary release 1.3b13-pre (-> DNS insecurity


in light of the recent CERT advisory about more DNS cache poisoning
vulnerabilities in all DNS server software (discovered by Dan Kaminsky),
the author of Dnsmasq has released version 2.43rc3 of his DNS forwarder
software, which is used in m0n0wall (even though at this point he
believes that Dnsmasq isn't affected, as it doesn't do recursive name
resolution). This version now includes the recommended query source port

He'd be grateful if this Dnsmasq version got as much testing as
possible, as there's some time pressure to release a fixed final
version. I have therefore (and also because of the "Register DHCP leases
in DNS forwarder" mishap in 1.3b12) created a preliminary
1.3b13 version for the slightly more adventurous among you to test.


Any problems with the DNS forwarder in this release -> please post to
the mailing list. Thanks!

Changes since 1.3b12:

- updated Dnsmasq to 2.43rc3 (DNS query source port randomization)

- fixed "Register DHCP leases in DNS forwarder" feature

- fixed issue with PPTP VPN and traffic shaper (see

- support for IPv6 over PPPoE/PPPTP

Good night(/morning/afternoon/whatever),


To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch